Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Oscar_David_Gom
Contributor
Contributor

Traffic Control

Hi,

We have a VSX environment with various VS, two of them are controlling traffic, but just one has HTTPS Inspection enabled, the other one is only using categorization, in order to work with HTTPS Inspection, we uncheck the option "Categorize HTTPS websites", but the VS without HTTPS Inspection is not enforcing rules because can not categorize that traffic.

I need to know how does that option works, is there a way to only activate Categorization for the VS that does not have HTTPS Inspection? Does the platform have trouble having both enabled? if so, how can I control this traffic without using https inspection and the option "Categorize HTTPS websites" disabled?

Thanks.

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee

This should be possible in R80.20 per sk108202 i.e. HTTPSi + Categorise HTTPS websites

CCSM R77/R80/ELITE
0 Kudos
Zach_S
Employee
Employee

In order for Application Control and URL Filtering to work best, it is better to have HTTPS Inspection enabled. I think it's better to do the Application Control + URL Filtering on the perimeter firewall w/ outbound HTTPS Inspection enabled on that firewall for outbound connections. 

Not sure why your topology requires 2 virtual systems to perform categorization, ideally this should only be done once on the way out to the internet. Are you able to share any more details?

Without HTTPS Inspection or HTTPS Categorization, you won't be able to use site/category in the policy for rules containing the https service. HTTPS Categorization will only categorize based on the subject common name of the trusted certificate returned by the server, so the results will be mixed when using HTTPS Categorization. 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events